States, Municipalities Push Back Against Federal Tech Policy

When it comes to setting up a federal privacy standard that overrides state and local privacy laws, New York City just told the Trump Administration “thanks, but no thanks.”

In a new filing, New York City — like the state of California — informed the federal government it will draft and pass its own internet privacy law regardless of any standards set by Washington, throwing cold water on the feds’ efforts to arrive at a national consensus for federal tech policy.

New York’s move aligns with an ongoing trend of states and municipalities pushing back against federal policies they believe are inadequate for their residents — and tech issues are a prime target.

In comments filed with the National Telecommunications and Information Administration (NTIA), the city of New York offered its suggestions for a national privacy law, but also highlighted its own efforts to protect consumers’ privacy.

For example, New York has a mayoral-appointed chief privacy officer, has a cybersecurity program for city wi-fi networks and is considering passing a bill (Introduction No. 1101-2018) that would “eliminate the unrestricted collection and use of New Yorkers’ personally identifiable information by cable providers.”

But the crux of New York’s comments to the NTIA comes at the end, when the city clarifies it will pass its own privacy law no matter what the federal government does.

“We believe that a ‘flexible, strong, predictable, and harmonized’ federal framework for consumer privacy can serve as a model for setting baseline consumer privacy protection efforts on the state and local level across the country, especially given the myriad complex and often siloed federal, state, and local laws and regulations governing information privacy,” the city states in the filing.

New York’s actions are similar to those of California, which passed its own privacy law, the California Consumer Privacy Act (CCPA).

Californians for Consumer Privacy (CCP), a pro-privacy activist group, filed their own comments with the NTIA stating they expect the federal government to pass a similar law and asking the NTIA to ensure that attorneys general (AGs) have the ability to enforce any federal privacy law at the state level, so as to better protect consumers.

At least 35 states introduced or considered more than 265 bills or resolutions related to cybersecurity in 2018, according to the National Conference of State Legislatures. By pushing their own policy standards, states are hoping to influence the direction of federal tech policy, said Paul Nolette, an associate professor of political science at Marquette University.

Such influence is especially potent when the leaders are California and New York.

“[They] can have a national impact just because of the size of their economies,” Nolette told InsideSources. “If they have different regulations in place, they extend outside the state’s borders.”

For example, he said, the Clean Air Act allowed California to set higher emissions standards, which then forced the auto industry to make cars that fit California’s standard. Because it would have been extremely expensive and impractical to make different cars just for the state of California that satisfied California’s emissions standards, automakers had to operate on California’s standard on a national scale.

“They can’t make cars just for California, so it drives regulation up across the entire industry,” Nolette said. “It illustrates the issue of having national markets, and how the big players — particularly New York and California — can really drive national regulation.”

Handling a patchwork of state laws regulating the tech industry — like the auto industry — is especially tricky because it’s very embedded in interstate commerce. Various major tech players like Apple, Amazon, AT&T, Facebook and Google have said they don’t want a patchwork of state laws.

“The sticking points are state preemption and private right of action,” Roslyn Layton, a visiting scholar at the American Enterprise Institute (AEI) told InsideSources. “They don’t want to have 50 states of rules and everyone suing on every little thing. So that’s a big deal for the big companies. We have a national government for a reason. This is one of the challenges of making these rules, we want to ensure for all Americans a single standard.”